Why We Need Secure Identification

/0 Comments/in , , , , , , /by

New York police have served warrants dozens of times to an elderly couple looking for suspects the couple has no knowledge of. “Police have knocked on their door 50-plus times since the couple moved into their home in 2002, looking for suspects or witnesses in murder, robbery and rape cases, according to reports. The couple has been visited by law enforcement up to three times a week. Authorities are investigating the possibility that the Martins’ identities may have been stolen.”

Criminal identity theft is when someone commits a crime and uses the assumed name and address of another person. The thief in the act of the crime or upon arrest poses as the identity theft victim. Often the perpetrator will have a fake ID with the identity theft victim’s information but the imposters’ picture. This is the scariest form of identity theft.

In Mexico plans are rolling out to identify  110 million citizens into its national ID card program. “The program will be among the first to capture iris, fingerprint and facial biometrics for identification.  Similar programs around the world use biometrics for voter registration and even financial transactions. Possible uses for the card include  identification, driver licenses, collection of tolls, a travel card and an ATM card.”

In India, they are in the process of creating the Unique Identification Authority to identify their 1.1 billion citizens. A uniform ID system with biometric data, which should launch next year, will be designed to curb fraud and effectively identify their citizens. It could also make many new commercial transactions possible by allowing online verification of identities by laptop and mobile phone.

In the US, in order to end illegal immigration politicians have proposed a worker identity card and quoted from the New American “Ending Illegal Employment Through Biometric Employment Verification,” Reid, et al, set forth their chilling scheme to require all Americans to carry a 21st Century version of the Social Security Card. The national identification card will be embedded with biometric data detectable by federal agents. Specifically, the Reid plan will mandate that within 18 months of the passage of immigration reform legislation, every American worker carry the “fraud-resistant, tamper-resistant, wear resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer.”As if that isn’t enough to freeze the blood of any ally of freedom and our constitutional republic.”

“Chilling scheme” and “freeze the blood” or a step towards security? I wonder if the couple in New York or the millions who have had their identity stolen wish they were properly identified.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Social Security numbers on Fox News.

12-Year-Old Girl Home When Man Tries To Break In

/0 Comments/in , , , , , /by

Is it OK if I call this criminal a boob? Because he’s a dopey boob who used a pink Huffy as a getaway vehicle. And his victim, well, she’s a ROCK STAR! Read on... A 20 year old burglar breaks into a home. Twelve year old girl is home alone. I don’t know why, I think that’s illegal in some states. But she’s home alone and at least the alarm is on. Which turns out to be a very good thing.

Using a brick, burglar breaks the glass on the front door and reaches through to unlock the door. Girl sees a green latex glove coming through the window. Smart little rock star that she is; she hits the panic button on the home’s alarm system, and the thief ran off.

“When police arrived, they found two witnesses – one who saw a man enter the back yard of the residence, and one who saw him leave. Both provided the same description. About a block away, police saw a man matching the description riding a pink Huffy youth bicycle, and they stopped him.

According to police, the boob had several different stories about where he was going and where he had been. Police patted him down and found a screwdriver and green latex gloves, which matched with what the girl saw when the suspect’s hand came through the front door.”

First, never leave a 12 year old home alone. Maybe a 12 year old is perfectly capable, but still, that doesn’t work for me. If it’s legal in your state to have a 12 year old home alone, then at least discuss home security tips, which in this case it seems they did. She did well by hitting that panic alarm.

At least install home security cameras as another layer of protection with signage outside. Do you think this house had a sign outside that denoted the house was alarmed? If it did I bet the guy would not have broken in.

The door on this house facilitated the break in. Windows on doors aren’t secure. I prefer solid core doors. If you are going to have a window on a door, it should be very small and be at the very top of the door so the burglar can’t break it and reach in to unlock the door.

Finally, I love the fact that the neighbors saw him. This must be a neighborhood with a successful neighborhood watch program.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams.

Why American’s Identities Are Easily Stolen

/1 Comment/in , , , /by

Identity Theft Expert Robert Siciliano

We can fix this thing, but we won’t because we don’t want to be inconvenienced. I’m introduced to amazing technologies every week that will stop this. All they need is government support and system wide adoption. Meanwhile, Chuck Schumer and Ed Markey and the rest of the grand standing politicians scream about privacy and security issues when they see an opportunity for publicity, but their follow through is less than satisfactory.

We use easily counterfeited identification, Social Security numbers that are written on the sides of buses and we rely on the anonymity of the phone, fax, internet and snail mail as a means of application.

In other countries they solve problems. They have priorities and don’t deal with the rhetoric.  They put security first, convenience second.

Cedric Pariente from B32Trust tells us that in Paris, France you need to open an account first before a loan is granted by a bank. In order to do so, you need to provide them with a printed copy of your ID card and proof that you still live where you claim to live (last electricity bill usually.) Then they can check your credit history and decide to grant you with a loan or not. Most of the time, they just check that your debt is not over 30% of your income. You have to be a bank client. Doesn’t seem they allow phone, fax, internet or snail mail transaction when granting credit.

In the UK, Keith Appleyard echoed something similar to France’s system: you have to present yourself in person with a Government-issued Photo ID such as Passport or Drivers License, plus a proof of address less than 3 months old, such as a bank statement or utility bill. Keith further explained the whole UK population had vetting their Identity Credentials and one of the last people to be vetted was the Queen of England, but she is not exempt. So she meets with her Bankers, but she doesn’t have a Passport or Birth Certificate or Drivers License. So she asks them to take a Sterling Currency note out of their wallet, points to her picture engraved on the note, and says “yes, that’s me”. So they officially recorded the Serial Number on the Currency note as being her Identity Document. I think that process may need looking into. J

In Australia, Stephen Wilson from the Lockstep Group discussed identification of customers opening bank accounts has been regulated since the 1980’s.  They have a roster of “evidence of identity” documents (passports, Australian driver licenses, government issued cards of various sorts, other bank accounts, utility bills, birth certificates, naturalization certificates …) each of which is equated to a set number of “points” reflecting broadly the quality of the document as proof of id.  You need to present 100 points total to open an account.  Usually passport + driver license suffices.

Gavin Matthews of SECCOM GLOBAL in Australia adds the system can only be compromised with forged items, which are not that easy to obtain. Like our money these days we have holographic licenses, chipped passports etc. However it does happen regularly and organized crime is the main culprit (Asian gangs, motorcycle clubs etc) and replication of stolen items probably makes up 70-80% of beating this system. There have been cases here of people working for drivers licensing authorities in various states being indicted for fraud etc and being linked back to organized crime.

In Finland, Kalle Keihanen from the Nordea Bank Finland Plc added the modern IDs are pretty tough to forge and forgeries easy to spot by professionals like bank tellers. If there is a suspected fake document the police are summoned and their database includes pictures and such of the real person.

When opening a bank account, the social security number on the ID is first mathematically verified (it has a simple algorithm built in), and then submitted electronically to a national registry, which then returns the name, address and credit info tied to that SSN. Utility bills or such are therefore not needed.

The low identity theft figures in Finland are mostly due to the SSN, where the system does real-time checks on the status of the identity, combined to a difficult-to-forge array of ID papers (passport, driver’s license, national id). Also, nearly 100% of Finns always carry a picture ID, since the law requires “every person of age 15 and up to be able to reliably prove their identity to the authorities.” Thus, there is a “chain of picture identity papers” starting from childhood in the national registry and any new ID application is verified against previous ones and the photos in the database, making applying for an ID with a stolen identity extremely difficult. You can only apply for an ID to replace one that is broken or expiring. Stolen or lost IDs are always submitted for criminal investigation before a replacing ID is issued.

While none of these systems are perfect, they are a step in the right direction and far better than the US’s honor based system. At least we have corporations that are providing what the government won’t. But that still doesn’t fix the problem.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the criminal hackers on Good Morning America.

Personal Knowledge or “Qualifying Questions” as Authenticators

/1 Comment/in , , , , /by

How many times have you forgotten a password? Fortunately the website you were on only needed your username or an email address and they would respond with a few questions for you to answer. Once you responded with what was in the system you then re-set your password and you’re in.  Easy peazy.

What’s your favorite food? Where did you honeymoon? Your first pets name? Name of your first car? The name of your elementary school?  Your fathers middle name? All these questions are meant to replace that used-to-be-secret-obscure word that only you and your parents would know the answer too – your mothers maiden name.

Then came Ancestry.com, Geneology.com, Google and for crying out loud Facebook. Now much of this information is available by doing a quick search online via public records or it’s easy to guess if the “hacker” is an acquaintance.

I’m a member of an organization in which I have been granted access to a bank account we have. But I haven’t accessed the account in months.  Since the last time I logged in the bank instituted a qualifying question as another layer of protection. Instead of calling the other person who was also managing the account I simply guessed the answer. “Where did you go to high school?” I didn’t know where this person went to high school but I knew where his mother lived. I entered the name of the town and BOOM, I was in.

It shouldn’t be that easy.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing hacked email on Fox News.

Scareware Incorporates Customer Service

/0 Comments/in , , , /by

Robert Siciliano Identity Theft Expert

Fake anti-virus software called ’scareware’ pops up in your browser and begins to scan your hard-drive made to look like a legitimate scan. It often grabs a screenshot of your “My Computer” window mimicking your PCs characteristics then tricking you into clicking on links. Pop-ups bombard you and warn you that your PC is infected with an Ebola- like virus and your PC will die a horrible death with fluids running from all ports if you don’t fix it immediately for $49.95.

Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure.

The rougue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote access support instructed by support to click a link initiating remote access to their PC.

The best way to prevent seeing a pop-up for scareware is using the latest Firefox or Internet Exploer browser. An updated browser lets few, if any pop-ups through. No pop-ups, no scareware. If you are using another browser and a pop-up –pops-up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way. Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America.

1.5 Million Americans Have Been Victims of Medical Identity

/0 Comments/in , , , , , , /by

Robert Siciliano Identity Theft Expert

The Smartcard Alliance has released an in-depth report called “Medical Identity Theft in Healthcare.

While identity theft is a global issue that garners much media attention, most do not realize that medical identity theft is a serious and growing threat. Many authorities consider medical identity theft one of the fastest growing crimes in America. With the digital age of healthcare upon us, the risks are expected to increase as electronic medical records become more prevalent and the exchange of this data over expanding networks becomes more pervasive. Heightened concern over personal data security and privacy highlight the importance of having secure electronic medical identities.

According to a recent Ponemon Institute study, nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion–or approximately $20,000 per victim. [1] Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services Department budget. [2] In 2009, 68 reported healthcare data breaches in the U.S. put over 11.3 million patient records at risk of exposure.

Patients whose medical identities are stolen face serious lingering effects. Fraudulent healthcare events can leave erroneous data in medical records. This erroneous information–like information about tests, diagnoses and procedures–can greatly affect future healthcare and insurance coverage and costs. Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient’s legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.

Identity theft prevention services generally will not protect you from medical identity theft. However, if your information is out there on the Net and being scanned constantly by the identity theft protection service, then your risk is lowered. Furthermore, I’m all about layers of protection. If your identity is protected from new account fraud via credit monitoring or credit freezes then the thief may use another identity that has less restrictions.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Medical Identity Theft on the CBS Early Show

Do You Spy on Your Spouse?

/0 Comments/in , , , , /by

Robert Siciliano Identity Theft Expert

Generally in a trusting relationship spying isn’t necessary. I’m sure Sandra Bullock, Kate Gosselin or Tiger Woods wife didn’t think they needed to spy on their husbands, until they did. Reckless behavior like that can bring home a very itchy or very deadly disease.  One that victimizes the innocent.

The fact is humans have a tendency to lie.  Lying is generally done to protect people from the consequences of their actions or to protect others from the emotional hurt because of what they did.

Spying generally occurs when trust is broken or intuition kicks in and someone senses something is askew. Spying is easier today than it’s ever been. According to a recent survey polling 1,000 men and women of various ages, incomes, and locations in the United States, there’s a 38 percent chance you would spy if you’re 25 or younger.

Among respondents, 38 percent of those 25 years old or younger admitted to snooping on their boyfriend’s or girlfriend’s messages, and 36 percent of those who are married admitted to checking their spouse’s e-mail or call history.

Spying can be accomplished by simply picking up a person’s phone and looking at the incoming and out going calls and text messages. Mobile phone spyware is readily available and can monitor almost every aspect of a phones use remotely.

Small wireless cameras installed in lighters, pens, clocks, smoke detectors and just about anything else are readily available. Commercially available spyware can easily be installed on a person’s computer. Undetectable hardware called “key catchers” can be installed in the PS2 or USB ports and the person’s keyboard is piggybacked and logs all their keystrokes.

Identity thieves are using the exact same technologies.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

April Foolery and Springtime Home Scams

/0 Comments/in , , , , , /by

Spring is here! Thank heavens. I’ve had enough cold and rain to last 50 winters. In the Northeast millions of people are pumping out their basements due to record rainfalls. The Boston Globe reports police want you to know that so you don’t get hit twice from the recent rains: once when your property gets damaged, and again when a con artist comes calling at your door looking to rob you.

First, there is no such thing as the “Municipal Water Disaster Department.” But in drenched communities home scammers are posing as inspectors and gaining access to people’s homes.

In one incident a man knocked on an older couple’s door asking to see their basement to check utilities for safety purposes. Once inside he told them he needed to go upstairs to check on something and they should remain downstairs. The couple remained in the basement waiting for instruction but after about 15 minutes they realized something was wrong. They went upstairs to find the man was gone and $7,500 had been taken from a safe and hundreds more stolen from elsewhere in the home.

This time of the year people are also doing their spring cleaning and home scammers are trying to clean you out too. Apparently chimney sweep and chimney repair is something to look out for. Someone knocking on your door looking to sweep your chimney may do the job, but may also find all kinds of unnecessary repairs that they will try to sell you. Don’t get me wrong here, if someone tells you your chimney needs repair, act on it, but first get a second opinion on it. And do it fast because a broken chimney is a severe health hazard.

Look for driveway repair home scams, phony landscapers, window washing scams, trash removal or clean out home scams. All I’m saying’ is you need to have your head up and pay attention to what’s going on out there. Scammers are using every possible event, holiday, season or tragedy to catch you with your guard down.

Robert Siciliano personal security expert to Home Security Source discussing home invasions and home security on the Montel Williams Show.

ID Theft Ring Gleaned Socials From Medical Records

/0 Comments/in , , , /by

Robert Siciliano Identity Theft Expert

Medical identity theft occurs when the perpetrator uses your name and in some cases other aspects of your identity, such as insurance information, to obtain medical treatment or medication or to make false claims for treatment or medication. As a result, erroneous or fraudulent entries wind up on your medical records, or sometimes entirely fictional medical records are created in your name. Financial identity theft as it relates to new account fraud is when an identity thief gets the victim’s Social Security number and opens new financial accounts under the victim’s name. There’s very little protection from this due to a flawed system of open credit and lack of authenticating the actual “owner” of the SSN.

In Chicago, ABC News reports “Seven people have been arrested in an identity theft ring that allegedly used information stolen from victims’ medical records to obtain credit cards. The identities of more than 200 patients of a Chicago hospital were stolen. The information was stolen from the offices of the Northwestern Medical Faculty Foundation. That information led to $300,000 worth of goods and services being racked up on fraudulently.The suspects are even accused of using Facebook to post photos of themselves posing with stolen clothing and jewelry.”

One of the rings leaders alleged to have been a part of the group, is being held on $100,000 bond. Apparently her third run-in with the law.

Her mom said “That’s really not her. She is a good person. She do have a heart.” She “do”, huh? She do like to steal identities too. And she do like to buy her nice stuff with those stolen identities. The victims have to spend many hours cleaning up their good names. They may be denied loans in the process or jobs or insurance due to bad credit.

You do need to protect yourself from new account fraud and identity theft protection and a credit freeze is the best way. I did a spot on Good Morning America on this story below.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ID Theft Ring on Good Morning America

Be careful Your PC Isn’t Held for Ransom

/0 Comments/in , , , , , , /by

Computerworld reported that a hacker threatened to expose health data and demanded $10 million from a government agency. The alleged ransom note posted on the Virginia DHP Prescription Monitoring Program site claimed that the hacker had backed up and encrypted more than 8 million patient records and 35 million prescriptions and then deleted the original data. “Unfortunately for Virginia, their backups seem to have gone missing, too.” “Uh oh,” posted the hacker.

Holding data hostage is sometimes done using “ransomware” Otherwise known as “ransom software.” The software gets on your PC as the result of you downloading an infected attachment or clicking the links in the body of an email. Sometimes you can get ransomware simply by visiting a website in what’s called a “drive-by.”

Once your PC is infected with ransomeware it locks down your files in a way that prevents you from accessing them and gives the bad guy full control of your machine.  Sometimes the virus poses as a “Browser Security and Anti-adware” security application whose license has expired. Windows machines infected by the malware are confronted by a full-screen message that poses as a Windows error.

This type of an exploit not common, but it’s definitely a rising star in the malware community. The best way to avoid this is to make sure your PC is updated with the most current version of your operating system, and anti-virus definitions. It’s also very important not to click on links in the body of an email or visit rogue websites that may have viruses that inject themselves into your browser.

Robert Siciliano personal security expert to Home Security Source discussing Ransomware on Fox Boston.